src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java - sling-org-apache-sling-auth-core - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.sling.auth.core.spi;

 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import org.apache.sling.api.resource.ResourceUtil;
 import org.apache.sling.auth.core.AuthenticationSupport;
 import org.apache.sling.auth.core.AuthUtil;
 import org.slf4j.LoggerFactory;

 public class DefaultAuthenticationFeedbackHandler implements
         AuthenticationFeedbackHandler {

     /**
      * Handles an optional request for a redirect after successful
      * authentication and <code>true</code> if the request has been redirected.
      * <p>
      * This method checks {@link AuthenticationSupport#REDIRECT_PARAMETER}
      * request parameter for the redirect target. This parameter is handled
      * as follows:
      * <ul>
      * <li>If the parameter does not exist, the method does not redirect and
      * <code>false</code> is returned.</li>
      * <li>If the parameter is the string <code>true</code> or is empty, a
      *  redirect response to the request URI (<code>HttpServletRequest.getRequestURI()</code>)
      *  is sent and <code>true</code> is returned.</li>
      * <li>If the parameter is a relative path, the path is made absolute
      *  by resolving it relative to the request URI
      *  (<code>HttpServletRequest.getRequestURI()</code>). The resulting
      *  target is validated with the
      *  {@link AbstractAuthenticationHandler#isRedirectValid(HttpServletRequest, String)}
      *  method. If valid a redirect to that target is sent back and <code>true</code>
      *  is returned. Otherwise a redirect to the servlet context root is
      *  sent back and <code>true</code> is returned.</li>
      * <li>If the parameter is an absolute path it is validated with the
      *  {@link AbstractAuthenticationHandler#isRedirectValid(HttpServletRequest, String)}
      *  method. If valid a redirect to that path is sent back and <code>true</code>
      *  is returned. Otherwise a redirect to the servlet context root is
      *  sent back and <code>true</code> is returned.</li>
      *  </ul>
      * If sending the redirect response fails due to some IO problems, the
      * request is still terminated but an error message is logged indicating the
      * problem.
      *
      * @return <code>true</code> if redirect was requested. Otherwise
      *         <code>false</code> is returned. Note, that <code>true</code> is
      *         returned regardless of whether sending the redirect response
      *         succeeded or not.
      *
      * @since 1.0.4 (bundle version 1.0.8) the target is validated with the
      *        {@link AbstractAuthenticationHandler#isRedirectValid(HttpServletRequest, String)}
      *        method.
      */
     public static boolean handleRedirect(final HttpServletRequest request,
             final HttpServletResponse response) {

         final String redirect = getValidatedRedirectTarget(request);
         if (redirect != null) {
             // and redirect ensuring the response is sent to the client
             try {
                 response.sendRedirect(redirect);
             } catch (Exception e) {
                 // expected: IOException and IllegalStateException
                 LoggerFactory.getLogger(
                     DefaultAuthenticationFeedbackHandler.class).error(
                     "handleRedirect: Failed to send redirect to " + redirect
                         + ", aborting request without redirect", e);
             }

             // consider the request done
             return true;
         }

         // no redirect requested
         return false;
     }

     private static String getValidatedRedirectTarget(
             final HttpServletRequest request) {
         String redirect = request.getParameter(AuthenticationSupport.REDIRECT_PARAMETER);
         if (redirect == null) {
             return null;
         }

         // redirect to the same path
         if ("true".equalsIgnoreCase(redirect) || redirect.length() == 0) {
             return request.getRequestURI();
         }

         // redirect relative to the current request (make absolute)
         if (!redirect.startsWith("/") && !redirect.contains("://")) {
             String path = request.getRequestURI();
             path = path.substring(request.getContextPath().length());
             int lastSlash = path.lastIndexOf('/');
             path = (lastSlash > 0) ? path.substring(0, lastSlash + 1) : path;
             redirect = path.concat(redirect);
             redirect = ResourceUtil.normalize(redirect);
         }

         // prepend context path if necessary
         if (redirect.startsWith("/") && !redirect.startsWith(request.getContextPath())) {
             redirect = request.getContextPath().concat(redirect);
         }

         // absolute target (in the servlet context)
         if (!AuthUtil.isRedirectValid(request, redirect)) {
             LoggerFactory.getLogger(DefaultAuthenticationFeedbackHandler.class).error(
                 "handleRedirect: Redirect target '{}' is invalid, redirecting to '/'",
                 redirect);
             redirect = "/";
         }

         return redirect;
     }

     /**
      * This default implementation does nothing.
      * <p>
      * Extensions of this class may overwrite to cleanup any internal state.
      */
     public void authenticationFailed(HttpServletRequest request,
             HttpServletResponse response, AuthenticationInfo authInfo) {
     }

     /**
      * This default implementation calls the
      * {@link #handleRedirect(HttpServletRequest, HttpServletResponse)} method
      * to optionally redirect the request after successful authentication.
      * <p>
      * Extensions of this class may overwrite this method to perform additional
      * cleanup etc.
      *
      * @return the result of calling the
      *            {@link #handleRedirect(HttpServletRequest, HttpServletResponse)}
      *            method.
      */
     public boolean authenticationSucceeded(HttpServletRequest request,
             HttpServletResponse response, AuthenticationInfo authInfo) {
         return handleRedirect(request, response);
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.sling.auth.core.spi;

	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;

	import org.apache.sling.api.resource.ResourceUtil;
	import org.apache.sling.auth.core.AuthenticationSupport;
	import org.apache.sling.auth.core.AuthUtil;
	import org.slf4j.LoggerFactory;

	public class DefaultAuthenticationFeedbackHandler implements
	AuthenticationFeedbackHandler {

	/**
	* Handles an optional request for a redirect after successful
	* authentication and <code>true</code> if the request has been redirected.
	* <p>
	* This method checks {@link AuthenticationSupport#REDIRECT_PARAMETER}
	* request parameter for the redirect target. This parameter is handled
	* as follows:
	* <ul>
	* <li>If the parameter does not exist, the method does not redirect and
	* <code>false</code> is returned.</li>
	* <li>If the parameter is the string <code>true</code> or is empty, a
	* redirect response to the request URI (<code>HttpServletRequest.getRequestURI()</code>)
	* is sent and <code>true</code> is returned.</li>
	* <li>If the parameter is a relative path, the path is made absolute
	* by resolving it relative to the request URI
	* (<code>HttpServletRequest.getRequestURI()</code>). The resulting
	* target is validated with the
	* {@link AbstractAuthenticationHandler#isRedirectValid(HttpServletRequest, String)}
	* method. If valid a redirect to that target is sent back and <code>true</code>
	* is returned. Otherwise a redirect to the servlet context root is
	* sent back and <code>true</code> is returned.</li>
	* <li>If the parameter is an absolute path it is validated with the
	* {@link AbstractAuthenticationHandler#isRedirectValid(HttpServletRequest, String)}
	* method. If valid a redirect to that path is sent back and <code>true</code>
	* is returned. Otherwise a redirect to the servlet context root is
	* sent back and <code>true</code> is returned.</li>
	* </ul>
	* If sending the redirect response fails due to some IO problems, the
	* request is still terminated but an error message is logged indicating the
	* problem.
	*
	* @return <code>true</code> if redirect was requested. Otherwise
	* <code>false</code> is returned. Note, that <code>true</code> is
	* returned regardless of whether sending the redirect response
	* succeeded or not.
	*
	* @since 1.0.4 (bundle version 1.0.8) the target is validated with the
	* {@link AbstractAuthenticationHandler#isRedirectValid(HttpServletRequest, String)}
	* method.
	*/
	public static boolean handleRedirect(final HttpServletRequest request,
	final HttpServletResponse response) {

	final String redirect = getValidatedRedirectTarget(request);
	if (redirect != null) {
	// and redirect ensuring the response is sent to the client
	try {
	response.sendRedirect(redirect);
	} catch (Exception e) {
	// expected: IOException and IllegalStateException
	LoggerFactory.getLogger(
	DefaultAuthenticationFeedbackHandler.class).error(
	"handleRedirect: Failed to send redirect to " + redirect
	+ ", aborting request without redirect", e);
	}

	// consider the request done
	return true;
	}

	// no redirect requested
	return false;
	}

	private static String getValidatedRedirectTarget(
	final HttpServletRequest request) {
	String redirect = request.getParameter(AuthenticationSupport.REDIRECT_PARAMETER);
	if (redirect == null) {
	return null;
	}

	// redirect to the same path
	if ("true".equalsIgnoreCase(redirect) \|\| redirect.length() == 0) {
	return request.getRequestURI();
	}

	// redirect relative to the current request (make absolute)
	if (!redirect.startsWith("/") && !redirect.contains("://")) {
	String path = request.getRequestURI();
	path = path.substring(request.getContextPath().length());
	int lastSlash = path.lastIndexOf('/');
	path = (lastSlash > 0) ? path.substring(0, lastSlash + 1) : path;
	redirect = path.concat(redirect);
	redirect = ResourceUtil.normalize(redirect);
	}

	// prepend context path if necessary
	if (redirect.startsWith("/") && !redirect.startsWith(request.getContextPath())) {
	redirect = request.getContextPath().concat(redirect);
	}

	// absolute target (in the servlet context)
	if (!AuthUtil.isRedirectValid(request, redirect)) {
	LoggerFactory.getLogger(DefaultAuthenticationFeedbackHandler.class).error(
	"handleRedirect: Redirect target '{}' is invalid, redirecting to '/'",
	redirect);
	redirect = "/";
	}

	return redirect;
	}

	/**
	* This default implementation does nothing.
	* <p>
	* Extensions of this class may overwrite to cleanup any internal state.
	*/
	public void authenticationFailed(HttpServletRequest request,
	HttpServletResponse response, AuthenticationInfo authInfo) {
	}

	/**
	* This default implementation calls the
	* {@link #handleRedirect(HttpServletRequest, HttpServletResponse)} method
	* to optionally redirect the request after successful authentication.
	* <p>
	* Extensions of this class may overwrite this method to perform additional
	* cleanup etc.
	*
	* @return the result of calling the
	* {@link #handleRedirect(HttpServletRequest, HttpServletResponse)}
	* method.
	*/
	public boolean authenticationSucceeded(HttpServletRequest request,
	HttpServletResponse response, AuthenticationInfo authInfo) {
	return handleRedirect(request, response);
	}

	}